Bagle and Win32/Heur viruses
jet@

Joined: 16 Apr 2008
Posts: 8

Posted: 16/04/2008 09:20:54    Post subject: Bagle and Win32/Heur viruses

Hello,
I badly need help. My computer is infected by at least 2 viruses, I-Worm Bagle and Win32/Heur, and by many Trojan horses...
I downloaded AVG 8.0, which is how I got the names of these viruses.
My computer is sluggish and many windows open in Internet Explorer. I don't know how to get rid of them; on top of that, I have no command of antivirus tools at all... and I know nothing about this.

If someone could help me, that would be really great...

Anthony10
Administrator

Joined: 17 Mar 2007
Posts: 351
Location: Le Mans

Posted: 16/04/2008 10:58:10    Post subject: Bagle and Win32/Heur viruses

Hello and welcome jet@,

Step 1: Deckard's System Scanner (DSS)
Download Deckard's System Scanner (by Deckard) to your Desktop.

Close all running applications.
Double-click dss.exe to launch the tool.
If it does not find HijackThis, click Yes.
Click OK each time you are asked.
When the scan is finished, a text file (main.txt) will be displayed.
Close this window.

Post the DSS main.txt report (C:\Deckard\System Scanner\main.txt).

Anthony.

Guest

Posted: 16/04/2008 15:15:56    Post subject: Bagle and Win32/Heur viruses

Thanks for your reply, Anthony.
Here is the report; I just removed my name... replaced with *****


Deckard's System Scanner v20071014.68
Run by ***** on 2008-04-16 15:04:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 3 Restore Point(s) --
3: 2008-04-16 12:52:01 UTC - RP1098 - Deckard's System Scanner Restore Point
2: 2008-04-15 21:13:52 UTC - RP1097 - Point de vérification système
1: 2008-04-14 15:27:46 UTC - RP1096 - Point de vérification système


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 5.98 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-16 15:06:40
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\Program Files\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\FTRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG8\avgam.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgnsx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\hpwuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\e-Carte Bleue\LA BANQUE POSTALE\CVD ADESIO\ECB.exe
C:\Program Files\VIDAL\Communs\VIDAL.exe
C:\Program Files\Wanadoo\TaskBarIcon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Fichiers communs\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\e-Carte Bleue La Banque Postale\ecbl-lbp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Mio Technology\MioSync\mioSync.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Wanadoo\Toaster.exe
C:\Program Files\Wanadoo\Inactivity.exe
C:\Program Files\Wanadoo\PollingModule.exe
C:\WINDOWS\system32\AlertModule\AlertModule.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\hpzipm12.exe
C:\Documents and Settings\Cognat\Bureau\dss.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Wanadoo\SearchPageURL.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eCarteBleue-LP-P1] "C:\Program Files\e-Carte Bleue\LA BANQUE POSTALE\CVD ADESIO\ECB.exe" /dontopenmycards
O4 - HKLM\..\Run: [vdlDeamon] C:\Program Files\Vidal\Communs\Vidal.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DC6V_Check] "C:\Program Files\Fichiers communs\SystemDoctor\usdrdc.exe"
O4 - HKLM\..\Run: [MDRV_Check] "C:\Program Files\Fichiers communs\SystemDoctor\usdrmdr.exe"
O4 - HKLM\..\Run: [SwPrnMon] "C:\Program Files\Fichiers communs\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files\Calendrier\Cld2000.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: e-Carte Bleue La Banque Postale.lnk = C:\Program Files\e-Carte Bleue La Banque Postale\ecbl-lbp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MioSync.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir l'image dans &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1036\phdintl.dll/phdContext.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program Files\Copernic Agent\CopernicAgent.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/activex/TmHcmsX.CAB
O16 - DPF: {2D72C39D-53F6-4AEA-A9DB-1298429DA974} (3DVista Viewer Control) - http://www.3dvista.com/downloads/viewer3dv.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O18 - Protocol: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgfws8.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\system32\FTRTSVC.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


--
End of file - 14784 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>
R3 PCANDIS5 (PCANDIS5 NDIS Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 pfc (PADUS ASPI SHELL) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S3 fbxusb (Carte réseau virtuelle FreeBox USB) - c:\windows\system32\drivers\fbxusb32.sys <Not Verified; FreeBox SA; Carte réseau virtuelle FreeBox USB pour Windows 2000/XP>
S3 PCAMPR5 (PCAMPR5 NDIS Protocol Driver) - c:\windows\system32\pcampr5.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\fichiers communs\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (Service Bonjour) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 C-DillaCdaC11BA - c:\windows\system32\drivers\cdac11ba.exe <Not Verified; Macrovision; SafeCast Windows NT>
R2 FTRTSVC (France Telecom Routing Table Service) - c:\windows\system32\ftrtsvc.exe <Not Verified; France Telecom; FTRTSVC NT Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-16 10:33:00 256 --a------ C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
2008-04-14 20:54:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-16 and 2008-04-16 -----------------------------

2008-04-14 10:21:39 0 d--h----- C:\$AVG8.VAULT$
2008-04-14 10:13:12 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-04-14 10:13:12 0 d-------- C:\Documents and Settings\*****\Application Data\AVGTOOLBAR
2008-04-14 10:09:56 0 d-------- C:\Program Files\AVG
2008-04-14 10:09:54 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-13 21:44:07 0 d-------- C:\Program Files\Alwil Software
2008-04-13 18:18:35 688128 --a------ C:\WINDOWS\system32\drivers\mdelk.exe
2008-04-12 16:24:52 0 d-------- C:\Program Files\iPod
2008-04-12 16:23:52 0 d-------- C:\Program Files\Bonjour
2008-04-12 16:21:20 0 d-------- C:\Program Files\Apple Software Update
2008-04-12 16:20:42 0 d-------- C:\Program Files\Fichiers communs\Apple
2008-04-12 16:20:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-02 22:52:39 0 d-------- C:\Program Files\CR-TEKnologies
2008-04-02 22:49:07 0 d-------- C:\Program Files\WinHex
2008-04-02 22:28:43 315392 --a------ C:\WINDOWS\EditHexaUninstall.exe <Not Verified; ; EditHexaUninstall>
2008-04-02 22:09:31 0 d-------- C:\Program Files\HHD Software
2008-04-02 21:32:37 0 d-------- C:\Program Files\SnadBoy's Revelation v2
2008-04-02 21:18:44 0 d-------- C:\Program Files\Passware
2008-03-27 18:54:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Skyline
2008-03-27 18:54:06 0 d-------- C:\Program Files\Skyline
2008-03-26 18:20:14 0 d-------- C:\Program Files\e-Carte Bleue La Banque Postale
2008-03-19 18:19:15 0 d-------- C:\Documents and Settings\*****\Application Data\dBpoweramp


-- Find3M Report ---------------------------------------------------------------

2008-04-16 15:02:06 0 d-------- C:\Program Files\Wanadoo
2008-04-15 11:55:18 0 d-------- C:\Program Files\eMule
2008-04-12 16:48:30 0 d-------- C:\Program Files\iTunes
2008-04-12 16:23:23 0 d-------- C:\Program Files\QuickTime
2008-04-12 16:20:42 0 d-------- C:\Program Files\Fichiers communs
2008-04-06 21:27:10 0 d-------- C:\Program Files\Mindscape
2008-04-06 21:26:16 0 d-------- C:\Program Files\Java
2008-03-30 21:37:53 0 d-------- C:\Program Files\LimeWire
2008-03-30 21:37:10 0 d-------- C:\Documents and Settings\*****\Application Data\LimeWire
2008-03-30 17:57:07 461736 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-03-30 17:57:06 70994 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-03-26 18:20:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-20 23:35:25 0 d-------- C:\Program Files\Mio Technology
2008-03-12 16:35:08 0 d-------- C:\Program Files\cGeep
2008-03-12 16:29:28 0 d-------- C:\Documents and Settings\*****\Application Data\cGeep
2008-03-12 16:01:51 0 d-------- C:\Program Files\MailingBuilder
2008-03-08 17:59:02 0 d-------- C:\Program Files\Camouflage
2008-03-03 18:53:48 0 d-------- C:\Documents and Settings\*****\Application Data\InstallShield
2008-02-24 00:11:40 0 d-------- C:\Documents and Settings\*****\Application Data\AccurateRip
2008-02-24 00:11:38 12896 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2008-02-24 00:11:36 0 d-------- C:\Program Files\Illustrate


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
14/04/2008 10:13 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [14/04/2008 10:13 2051328]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [01/04/2004 11:52]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [26/03/2004 15:40]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [08/12/2003 18:35]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 12:50]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [04/08/2003 18:28]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [22/12/2003 09:38]
"DXDllRegExe"="dxdllreg.exe" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 23:46]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [30/08/2006 22:28]
"eCarteBleue-LP-P1"="C:\Program Files\e-Carte Bleue\LA BANQUE POSTALE\CVD ADESIO\ECB.exe" [13/12/2005 15:37]
"vdlDeamon"="C:\Program Files\Vidal\Communs\Vidal.exe" [29/12/2004 19:49]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [23/08/2004 14:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [14/10/2004 16:55]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [14/08/2007 08:54]
"DC6V_Check"="C:\Program Files\Fichiers communs\SystemDoctor\usdrdc.exe" []
"MDRV_Check"="C:\Program Files\Fichiers communs\SystemDoctor\usdrmdr.exe" []
"SwPrnMon"="C:\Program Files\Fichiers communs\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe" [10/10/2005 15:16]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [15/12/2006 04:23]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [28/03/2008 23:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [14/04/2008 10:12]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [05/08/2004 14:00]
"Cld2000.exe"="C:\Program Files\Calendrier\Cld2000.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" []
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [23/08/2004 14:50]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
e-Carte Bleue La Banque Postale.lnk - C:\Program Files\e-Carte Bleue La Banque Postale\ecbl-lbp.exe [26/03/2008 18:20:14]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [16/09/2003 06:19:24]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [21/01/2000 10:15:56]
MioSync.lnk - C:\Program Files\Mio Technology\MioSync\mioSync.exe [17/08/2006 19:26:42]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80403e5c-6320-11d9-8b4c-00112f8f7cea}]
AutoRun\command- E:\loader.exe /no hidden




-- End of Deckard's System Scanner: finished at 2008-04-16 15:07:22 ------------

jet@

Joined: 16 Apr 2008
Posts: 8

Posted: 16/04/2008 15:19:11    Post subject: Bagle and Win32/Heur viruses

I had forgotten to log in...
Just one question: when I did what you told me, there was a problem with the firewall...

Anthony10
Administrator

Joined: 17 Mar 2007
Posts: 351
Location: Le Mans

Posted: 16/04/2008 23:17:35    Post subject: Bagle and Win32/Heur viruses

Good evening,

Step 1: SafeBootKeyRepair.
Download SafeBootKeyRepair.exe to your Desktop.

Double-click SafeBootKeyRepair.exe to launch it.

Step 2: Elibagla.
Download ELIBAGLA (click the "Descargar Elibagla" button at the bottom of the page) to your Desktop.

Restart in Safe Mode.
Launch ELIBAGLA by double-clicking EliBaglA.exe.
Check that Unidad: is set to C:\
Also check that the Eliminar Ficheros Automaticamente option is ticked (at the bottom of the window).
Click the Explorar button to start the scan.
Wait for the tool to finish, without doing anything else.

Restart in normal mode.
Generate a new DSS report.
Post the ELIBAGLA report (contents of the file C:\InfoSat.txt) along with the DSS main.txt report and the C:\SafeBoot_Repair.txt report.

To be continued,

jet@

Joined: 16 Apr 2008
Posts: 8

Posted: 17/04/2008 09:39:28    Post subject: Bagle and Win32/Heur viruses

Thanks Anthony, I'll do that right away and post the reports... See you soon.

jet@

Joined: 16 Apr 2008
Posts: 8

Posted: 17/04/2008 12:04:07    Post subject: Bagle and Win32/Heur viruses

Here is the DSS main.txt report

Deckard's System Scanner v20071014.68
Run by ***** on 2008-04-17 11:52:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 5.94 GiB (less than 15%) free.


-- HijackThis (run as Cognat.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:29, on 17/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\e-Carte Bleue\LA BANQUE POSTALE\CVD ADESIO\ECB.exe
C:\Program Files\Vidal\Communs\Vidal.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Fichiers communs\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\e-Carte Bleue La Banque Postale\ecbl-lbp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mio Technology\MioSync\mioSync.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Documents and Settings\Cognat\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\*****.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eCarteBleue-LP-P1] "C:\Program Files\e-Carte Bleue\LA BANQUE POSTALE\CVD ADESIO\ECB.exe" /dontopenmycards
O4 - HKLM\..\Run: [vdlDeamon] C:\Program Files\Vidal\Communs\Vidal.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DC6V_Check] "C:\Program Files\Fichiers communs\SystemDoctor\usdrdc.exe"
O4 - HKLM\..\Run: [MDRV_Check] "C:\Program Files\Fichiers communs\SystemDoctor\usdrmdr.exe"
O4 - HKLM\..\Run: [SwPrnMon] "C:\Program Files\Fichiers communs\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files\Calendrier\Cld2000.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: e-Carte Bleue La Banque Postale.lnk = C:\Program Files\e-Carte Bleue La Banque Postale\ecbl-lbp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir l'image dans &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1036\phdintl.dll/phdContext.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/activex/TmHcmsX.CAB
O16 - DPF: {2D72C39D-53F6-4AEA-A9DB-1298429DA974} (3DVista Viewer Control) - http://www.3dvista.com/downloads/viewer3dv.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 12895 bytes

-- Files created between 2008-03-17 and 2008-04-17 -----------------------------

2008-04-17 11:52:26 0 d-------- C:\Program Files\Trend Micro
2008-04-17 10:59:43 0 d-------- C:\Muestras
2008-04-14 10:21:39 0 d--h----- C:\$AVG8.VAULT$
2008-04-14 10:13:12 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-04-14 10:13:12 0 d-------- C:\Documents and Settings\****\Application Data\AVGTOOLBAR
2008-04-14 10:09:56 0 d-------- C:\Program Files\AVG
2008-04-14 10:09:54 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-13 21:44:07 0 d-------- C:\Program Files\Alwil Software
2008-04-13 18:14:42 0 d-------- C:\WINDOWS\system32\drivers\downld
2008-04-12 16:24:52 0 d-------- C:\Program Files\iPod
2008-04-12 16:23:52 0 d-------- C:\Program Files\Bonjour
2008-04-12 16:21:20 0 d-------- C:\Program Files\Apple Software Update
2008-04-12 16:20:42 0 d-------- C:\Program Files\Fichiers communs\Apple
2008-04-12 16:20:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-02 22:52:39 0 d-------- C:\Program Files\CR-TEKnologies
2008-04-02 22:49:07 0 d-------- C:\Program Files\WinHex
2008-04-02 22:28:43 315392 --a------ C:\WINDOWS\EditHexaUninstall.exe <Not Verified; ; EditHexaUninstall>
2008-04-02 22:09:31 0 d-------- C:\Program Files\HHD Software
2008-04-02 21:32:37 0 d-------- C:\Program Files\SnadBoy's Revelation v2
2008-04-02 21:18:44 0 d-------- C:\Program Files\Passware
2008-03-27 18:54:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Skyline
2008-03-27 18:54:06 0 d-------- C:\Program Files\Skyline
2008-03-26 18:20:14 0 d-------- C:\Program Files\e-Carte Bleue La Banque Postale
2008-03-19 18:19:15 0 d-------- C:\Documents and Settings\*****\Application Data\dBpoweramp


-- Find3M Report ---------------------------------------------------------------

2008-04-17 11:50:25 0 d-------- C:\Program Files\Wanadoo
2008-04-15 11:55:18 0 d-------- C:\Program Files\eMule
2008-04-12 16:48:30 0 d-------- C:\Program Files\iTunes
2008-04-12 16:23:23 0 d-------- C:\Program Files\QuickTime
2008-04-12 16:20:42 0 d-------- C:\Program Files\Fichiers communs
2008-04-06 21:27:10 0 d-------- C:\Program Files\Mindscape
2008-04-06 21:26:16 0 d-------- C:\Program Files\Java
2008-03-30 21:37:53 0 d-------- C:\Program Files\LimeWire
2008-03-30 21:37:10 0 d-------- C:\Documents and Settings\Cognat\Application Data\LimeWire
2008-03-30 17:57:07 461736 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-03-30 17:57:06 70994 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-03-26 18:20:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-20 23:35:25 0 d-------- C:\Program Files\Mio Technology
2008-03-12 16:35:08 0 d-------- C:\Program Files\cGeep
2008-03-12 16:29:28 0 d-------- C:\Documents and Settings\Cognat\Application Data\cGeep
2008-03-12 16:01:51 0 d-------- C:\Program Files\MailingBuilder
2008-03-08 17:59:02 0 d-------- C:\Program Files\Camouflage
2008-03-03 18:53:48 0 d-------- C:\Documents and Settings\Cognat\Application Data\InstallShield
2008-02-24 00:11:40 0 d-------- C:\Documents and Settings\Cognat\Application Data\AccurateRip
2008-02-24 00:11:38 12896 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2008-02-24 00:11:36 0 d-------- C:\Program Files\Illustrate


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
14/04/2008 10:13 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [14/04/2008 10:13 2051328]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [01/04/2004 11:52]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [26/03/2004 15:40]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [08/12/2003 18:35]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 12:50]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [04/08/2003 18:28]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [22/12/2003 09:38]
"DXDllRegExe"="dxdllreg.exe" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 23:46]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [30/08/2006 22:28]
"eCarteBleue-LP-P1"="C:\Program Files\e-Carte Bleue\LA BANQUE POSTALE\CVD ADESIO\ECB.exe" [13/12/2005 15:37]
"vdlDeamon"="C:\Program Files\Vidal\Communs\Vidal.exe" [29/12/2004 19:49]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [23/08/2004 14:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [14/10/2004 16:55]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [14/08/2007 08:54]
"DC6V_Check"="C:\Program Files\Fichiers communs\SystemDoctor\usdrdc.exe" []
"MDRV_Check"="C:\Program Files\Fichiers communs\SystemDoctor\usdrmdr.exe" []
"SwPrnMon"="C:\Program Files\Fichiers communs\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe" [10/10/2005 15:16]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [15/12/2006 04:23]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [28/03/2008 23:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [14/04/2008 10:12]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [05/08/2004 14:00]
"Cld2000.exe"="C:\Program Files\Calendrier\Cld2000.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" []
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [23/08/2004 14:50]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
e-Carte Bleue La Banque Postale.lnk - C:\Program Files\e-Carte Bleue La Banque Postale\ecbl-lbp.exe [26/03/2008 18:20:14]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [16/09/2003 06:19:24]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [21/01/2000 10:15:56]
MioSync.lnk - C:\Program Files\Mio Technology\MioSync\mioSync.exe [17/08/2006 19:26:42]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80403e5c-6320-11d9-8b4c-00112f8f7cea}]
AutoRun\command- E:\loader.exe /no hidden




-- End of Deckard's System Scanner: finished at 2008-04-17 11:52:56 ------------

The SafeBootKey repair report

Reg export of SafeBoot key after repair:
========================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

========================

And the EliBagle report


Thu Apr 17 10:59:46 2008
EliBagle v11.27 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Thu Apr 17 11:04:56 2008
EliBagle v11.27 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle (rootkit)
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Eliminado Bagle.dldr

Thu Apr 17 11:05:06 2008
EliBagle v11.27 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\WINDOWS\system32\MDELK.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\MDELK.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\1013968.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\101781.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\1062843.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\1148093.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\1259984.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\1305468.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\1867203.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\1970015.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\221906.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\2272171.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\2357875.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\243171.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\2657296.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\338062.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\473218.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\499250.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\544937.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\590109.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\802078.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\806687.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\926609.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\933453.EXE --> Eliminado Bagle

Nº Total de Directorios: 9941
Nº Total de Ficheros: 116441
Nº de Ficheros Analizados: 11981
Nº de Ficheros Infectados: 24
Nº de Ficheros Limpiados: 24


However, while running EliBagle, several "accesso denegado a la carpeta" messages appeared and I had to click OK to continue the scan...
Back to top
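
The report above lists three files refused with "Acceso Denegado" on the first pass and reported as "Eliminado" on the pass after the reboot. As an added example (not part of the original posts and not EliBagle's own code), this Python script reconciles the passes of such a report and lists any path that stayed locked; the line format is assumed from the lines visible above, and the function names are hypothetical.

```python
import re

# Excerpt of the EliBagle report posted above (first two passes only).
REPORT = r"""
Thu Apr 17 10:59:46 2008
EliBagle v11.27 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Thu Apr 17 11:04:56 2008
EliBagle v11.27 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle (rootkit)
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Eliminado Bagle.dldr
"""

# A pass starts with a ctime-style timestamp; action lines are "<path> --> <result>".
STAMP = re.compile(r"^[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d \d{4}$")
ACTION = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) --> (?P<result>.+)$")

def parse_passes(text):
    """Split the report into passes: [(timestamp, [(path, result), ...]), ...]."""
    passes = []
    for line in text.splitlines():
        line = line.strip()
        if STAMP.match(line):
            passes.append((line, []))
        elif passes and (m := ACTION.match(line)):
            passes[-1][1].append((m["path"], m["result"]))
    return passes

def still_locked(passes):
    """Paths whose most recent result is 'Acceso Denegado' (never removed later)."""
    last = {}
    for _, actions in passes:
        for path, result in actions:
            # Windows paths are case-insensitive and the tool mixes cases.
            last[path.lower()] = "Acceso Denegado" in result
    return sorted(p for p, denied in last.items() if denied)

if __name__ == "__main__":
    print("still locked:", still_locked(parse_passes(REPORT)))
```

An empty result over all passes means every file that was locked before the reboot was removed afterwards; any path still listed needs another pass.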
Anthony10
Administrator

Posted: 19/04/2008 12:39:42    Post subject: Bagle and Win32/Heur viruses

Hello,

Save this procedure, since you will not have Internet access.
Also, carry out all these steps in the order given.
If you need any explanations, do not hesitate to ask me before starting the disinfection.


Step 1: Uninstallations.
Double-click "My Computer" / "Control Panel".
Click "Add or Remove Programs".
Check whether this program is present in the list:

SystemDoctor

If it is present, uninstall it by clicking on it and then on Remove.

Step 2: Flash_Disinfector.
Download Flash_Disinfector.exe to your Desktop.

Close all running applications.
Double-click Flash_Disinfector.exe to launch the tool.

The "Start - Flash_Disinfector" window asks you to plug in your USB key. Do so.
Click OK.
Once it has finished, the message "Done!" is displayed; click OK.

Note:
Repeat this operation for each of your USB keys.

Step 3: OTMoveIt2.
Download OTMoveIt2 (by OldTimer) to your Desktop.

Open Notepad.
Copy and paste the following quote into the Notepad window you just opened.

Quote:
C:\Program Files\Fichiers communs\SystemDoctor


Save the file on your Desktop under the name Move1.
Close Notepad.

Step 4: AVG Anti-Spyware.
Download and install AVG Anti-Spyware 7.5.

Launch AVG Anti-Spyware.
Click the "Update" tab.
Under Manual update, click Start update.
If needed, under Settings, enter your proxy credentials.
Wait for the update to finish and close AVG Anti-Spyware.

Step 5: CleanUp!.
Download and install CleanUp! on your Desktop.

Launch CleanUp!
Click the "Option" button.
Under "Quick Setup", check that the arrow is pointing at Standard CleanUp! (if it is not, move it there).
Untick the box in front of Enable sounds.
Click OK.
Click the CleanUp! button.
When the message Initial CleanUp! done. Now restart Windows to complete CleanUp! appears at the bottom, click the Close button.
At the restart prompt, click Yes.

Step 6: Safe Mode.
In the Start menu, click Turn Off Computer and click Restart.
At the start of the reboot, tap the F8 key on your keyboard repeatedly until the Windows Advanced Options appear.
Choose Safe Mode and press Enter.
Choose your usual account.

Step 7: HijackThis.
Close all running applications except HijackThis.
Launch HijackThis.
Click the Do a system scan only button.
Tick the boxes in front of the following lines (if present).

Quote:
O4 - HKLM\..\Run: [DC6V_Check] "C:\Program Files\Fichiers communs\SystemDoctor\usdrdc.exe"
O4 - HKLM\..\Run: [MDRV_Check] "C:\Program Files\Fichiers communs\SystemDoctor\usdrmdr.exe"


Click the Fix checked button.
Close HijackThis.

Step 8: OTMoveIt.
Launch OTMoveIt2.exe.
Open the file Move1.txt.
Select all the lines in Notepad, then click Edit / Copy.
Go back to the OTMoveIt2 window, right-click in the box named "Paste List Of Files/Folders to Move", then click Paste.
Click the MoveIt! button.
Wait for the removal to finish.
Close the tool.

Note: A restart may be necessary; accept it if asked.

Step 9: AVG Anti-Spyware.
Launch AVG Anti-Spyware.
Click "Scan".
Click the "Settings" tab.
Under "How to react?", click Recommended actions and choose Quarantine.
Under "How to scan", check that all the boxes are ticked (if they are not, tick them).
Under "Potentially dangerous programs", check that all the boxes are ticked (if they are not, tick them).
Under "Reports", check that Generate a report after each scan is ticked (if it is not, tick it).
Click the "Scan" tab and click Complete system scan.
At the end of the scan, click Apply all infections.
Then click Save report and click Save report as.
Close AVG Anti-Spyware.

Step 10: Restart and new message.
Restart in normal mode.
Generate a new DSS report.
In your next reply, send:

- The OTMoveIt2 report (contents of the file C:\_OTMoveIt\MovedFiles\********_******.log, where the * stand for the date and time).
- The new DSS report (main.txt).
- The AVG Anti-Spyware report (located in C:\Program Files\GrisoftAVG Anti Spyware 7.5\Reports).
- State whether the initial problem is still present.


To be continued,
Back to top
jet@


Posted: 19/04/2008 20:34:24    Post subject: Bagle and Win32/Heur viruses

Good evening, and thank you for your very precise reply.
Just one question: what are proxy credentials?
Back to top
Anthony10
Administrator

Posted: 20/04/2008 20:53:49    Post subject: Bagle and Win32/Heur viruses

Good evening,

If you do not have a proxy, there is no point in filling in the credentials.

Anthony.
Back to top
jet@


Posted: 21/04/2008 23:30:34    Post subject: Bagle and Win32/Heur viruses

Good evening Anthony,
I did all the steps up to step 9.
There I had a problem: the AVG Anti-Spyware screen was too big and I could not see whether all the boxes were ticked (for "How to scan" and "Potentially dangerous programs").
I launched the scan anyway, and at the end I could not save a report.
I applied all the infections, but after that it was impossible to click "Save report", so no "Save as" either...

Thank you for your help.
Back to top